Jun 28, 2007 (10:06 AM EDT)
Cybercriminals Playing Mind Games With Users

Read the Original Article at InformationWeek

Think mind games are only for dating and creepy movies?

Think again. According to researchers at McAfee, a new study shows that cybercriminals use psychological games to scam users. In his study, "Mind Games", Dr. James Blascovich, professor of psychology at the University of California, Santa Barbara, focuses on multiple common spam scams and looks at how cybercriminals use fear, greed, and lust to steal personal and financial information.

"Scam spam works best by providing recipients with a sense of familiarity and legitimacy, either by creating the illusion that the e-mail is from a friend or colleague, or providing plausible warnings from a respected institution," Dr. Blascovich wrote. "Once the victim opens the e-mail, criminals use two basic motivational processes, approach and avoidance, or a combination of the two, to persuade victims to click on dangerous links, provide personal information, or download risky files."

He also added that by scamming $20 from just half of 1% of the U.S. population, cybercriminals can earn $15 million each day and nearly $5.5 billion in a year. That rings up to be a powerful attraction for scam artists.

One key to the scammers' success is familiarity, according to Blascovich's study, which was backed up by a similar report that McAfee commissioned. One example is phishing scams, which fraudulently acquire sensitive information, like usernames, passwords, and financial data, by disguising the phony e-mails as being from a familiar or nationally recognized bank, credit card company, or even an online auction site.

McAfee reported in an online release that its Avert Labs researchers discovered that the number of phishing Web sites increased by 784% in the first half of 2007.

Popular sites also are increasingly victimized, according to the Blascovich report. For example, in December 2006, cybercriminals targeted the MySpace site and used a worm to convert legitimate links to ones that lured consumers to a phishing site designed specifically to steal personal information.

"Along with the alarming increase in phishing e-mails, we are also seeing more sophisticated messages that can fool all but the most highly trained surfer," said David Marcus, security research and communications manager at McAfee Avert Labs, in a written statement. "While earlier phishing e-mails often included typos, awkward language, and minor graphical mistakes, newer scams appear to be more legitimate, with slicker graphics and copy that closely mirrors the language used by respected institutions."

But scammers aren't relying only on feigned familiarity. Some are trying a different tactic -- fear.

Subject lines like "Urgent Security Notification" and "Your billing account records are out of date" make people worry that if they don't respond, they'll get into financial trouble. Other lures, like "Must Complete and Submit" or "You Are Missing Out," are less blatant but similarly trick users into thinking that without taking action, they're going to lose out, the report added.

And, of course, still other scammers take advantage of the lovelorn. Blascovich reported that a subject line like "Why spend another week lonely?" preys on people who are feeling lonely and insecure. McAfee offers information about phishing scams and other security threats on its Web site.